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CLAIMS 



1. A method comprising: 

deriving a secret that is unique to a game console running a particular game 
title; and 

establishing a secure communication link between multiple game consoles 
over a local area network using the secret. 

2. A method as recited in claim 1 5 wherein the deriving comprises 
deriving the secret from data stored in the game console and data associated with 
the particular game title. 

3. A method as recited in claim 1, wherein the deriving comprises: 
retrieving a console-based key from the game console and a title-based key 

associated with the particular game title; and 

deriving the secret from the console-based key and the title-based key. 

4. A method as recited in claim 1, wherein the establishing comprises: 
discovering whether another game console on the local area network is 

hosting the particular game title; and 

exchanging secure communication keys between the multiple game 
consoles to facilitate secure multi-console play of the particular game title over the 
local area network. 
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5. A method as recited in claim 1, wherein the establishing comprises 
establishing a secure communication link over an Ethernet segment using the 
secret. 

6. A method comprising: 

generating at least one key that is secret to an authentic gaming system 
running an authentic game title; 

discovering whether another gaming system on a common local area 
network is hosting the game title; and 

establishing a secure communication link between multiple gaming systems 
to facilitate multi-system play of the game title over the local area network. 

7. A method as recited in claim 6, wherein the generating comprises: 
retrieving a console-based key from the gaming system and a title-based 

key associated with the game title; and 

deriving the key from the console-based key and the title-based key. 

8. A method as recited in claim 6, wherein the discovering comprises 
broadcasting, over the local area network, a request to join in playing the game 
title being hosted by another gaming system. 

9. A method as recited in claim 8, wherein the discovering comprises 
receiving a broadcast reply, over the local area network, from the gaming system 
that is hosting the game title. 
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10. A method as recited in claim 6, wherein the discovering comprises: 
cryptographically encoding, using a generated key, a request to join in 
playing the game title being hosted by another gaming system; and 
broadcasting the request over the local area network. 

5 

6 | 11. A method as recited in claim 6, wherein the discovering comprises 

broadcasting a request over an Ethernet segment. 

12. A method as recited in claim 6, wherein the establishing comprises 

10 exchanging secure communication keys between the multiple game consoles to 

11 facilitate multi-console play of the particular game title over the local area 

I y 

12 network 

jSJ- 14 13. In a networked gaming environment where multiple game consoles 

is are connected via a local area network, a method comprising: 

i6 broadcasting, from a client game console over a local area network, a 

i? request to join in playing a game title in a network gaming session being hosted by 

is a host game console, the request containing a secret that is unique to the client 

19 game console running the game title; and 

20 broadcasting, from the host game console over the local area network, a 
reply to the request, the reply containing information that can be used to establish 

22 a secure communication link. 

23 
24 
25 
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14. A method as recited in claim 13, further comprising deriving the 
secret from data stored in the client game console and data associated with the 
game title. 

5 15. A method as recited in claim 13, wherein the local area network 

6 comprises an Ethernet segment. 

7 

8 16. A method comprising: 

9 retrieving a console-based key stored on a game console; 

10 retrieving a title-based key associated with a game title running on the 
a game console; and 

i2 deriving one or more keys from the console-based key and the title-based 

B key. 



15 



17. A method as recited in claim 16, wherein the deriving comprises 

16 computing a hashing function on a concatenation of the console-based key and the 

17 title-based key. 



18 



19 18. One or more computer-readable media comprising computer- 

20 executable instructions that, when executed, perform the method as recited in 

21 claim 16. 



22 



23 19. In a networked gaming environment where multiple game consoles 

24 are connected via a local area network, a method comprising: 



25 
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creating a request to join in playing a game title being hosted by a host 
game console on the local area network; 

broadcasting the request over the local area network; 

receiving a reply from the host game console, the reply containing one or 
more session keys; and 

using the session keys from the reply to facilitate future secure 
communication with the host game console. 

20. A method as recited in claim 19, wherein the broadcasting 
comprises broadcasting the request over an Ethernet segment. 

21. A method as recited in claim 19, further comprising 
cryptographically encoding the request prior to the broadcasting. 

22. A method as recited in claim 19, wherein the receiving comprises 
listening for a reply that is broadcast from the host game console over the local 
area network. 

23. A method as recited in claim 22, wherein the broadcast reply is 
cryptographically encoded, and further comprising cryptographically decoding the 
reply. 

24. One or more computer-readable media comprising computer- 
executable instructions that, when executed, perform the method as recited in 
claim 19. 
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25. In a networked gaming environment where multiple game consoles 
are connected via a local area network and at least two game consoles are playing 
a same game title, a method comprising: 

forming an initial packet that contains first data used to derive a 
cryptographic key; 

computing a first hash digest of the initial packet; 

sending the initial packet and the first hash digest to another game console 
on the local area network that is playing the same game title; 

receiving a reply packet from the other game console, the reply packet 
including a second hash digest and second data; 

authenticating the reply packet using the second hash digest; and 

deriving one or more security association keys from the first and second 
data, the security association keys being used to secure communication between 
the multiple consoles. 

26. One or more computer-readable media comprising computer- 
executable instructions that, when executed, perform the method as recited in 
claim 25. 

27. In a networked gaming environment where multiple game consoles 
are connected via a local area network, a method comprising: 

retrieving a console-based key from a first game console and a title-based 
key associated with a game title running on the first game console; 
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deriving at least one cryptographic key from the console-based key and the 
title-based key; 

creating, at a first console, a request to join in playing the game title being 
hosted by a second game console on the local area network; 

cryptographically encoding the request using the cryptographic key; 
broadcasting the request over the local area network; 

cryptographically decoding the request, at the second game console, using 
the cryptographic key; 

generating, at the second game console, a reply that contains at least one 
session key; 

cryptographically encoding the reply using the cryptographic key; 
broadcasting the reply over the local area network; 

cryptographically decoding the reply, at the first game console, using the 
cryptographic key; 

exchanging packets between the first and second game consoles, the 
packets being protected using the session key and containing data used to derive at 
least one security association key; and 

establishing a secure communication link between the first and second 
game consoles using the security association keys to facilitate secure multi- 
console play of the game title. 

28. A method as recited in claim 27, wherein the deriving comprises 
computing a hashing function on a concatenation of the console-based key and the 
title-based key. 
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29. A method as recited in claim 27, wherein: 

the deriving comprises computing an encryption key and a signature key; 

and 

the encoding of the request comprises encrypting the request using the 
encryption key to form an encrypted request and digitally signing the encrypted 
request using the signature key. 

30. A method as recited in claim 27, wherein the exchanging comprises: 
forming, at one of the first or second game consoles, a packet that contains 

the data used to derive the security association key; 
computing a hash digest of the packet; 

sending the packet and the hash digest to the other of the first or second 
game consoles; and 

authenticating the packet using the hash digest at the other first or second ' 
game consoles. 

31. A method as recited in claim 27, wherein the data used to derive the 
security association key comprises values used by a cryptographic Diffie-Hellman 
function. 

32. One or more computer-readable media comprising computer- 
executable instructions that, when executed, perform the method as recited in 
claim 27. 
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1 33. In a networked gaming environment where multiple game consoles 

2 are connected via a local area network, a method comprising: 

3 retrieving a console-based key from a first game console and a title-based 

4 key associated with a game title running on the first game console; 

s deriving at least one cryptographic key from the console-based key and the 

6 title-based key; 

7 creating a request to join in playing the game title being hosted by another 
s game console on the local area network; 

9 encoding the request using the cryptographic key; 

10 broadcasting the request over the local area network; 

n receiving a reply from a host game console, the reply containing at least 

12 one session key; 

13 exchanging packets with the host game console, the packets being protected 

14 using the session key and containing data used to derive at least one security 
is association key; and 

16 establishing a secure communication link with the host game console using 

n the security association key. 

18 

19 34. A method as recited in claim 33, wherein the receiving comprises 

20 listening for a reply that is broadcast from the host game console over the local 

21 area network. 

22 

23 35. One or more computer-readable media comprising computer- 

24 executable instructions that, when executed, perform the method as recited in 

25 claim 33. 
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36. In a networked gaming environment where multiple game consoles 
are connected via a local area network, a method comprising: 

retrieving a console-based key from a first game console and a title-based 
key associated with a game title running on the first game console; 

deriving at least one cryptographic key from the console-based key and the 
title-based key; 

receiving a request to join in playing the game title from another game 
console on the local area network; 

cryptographically decoding the request using the cryptographic key; 
generating a reply that contains at least one session key; 
encoding the reply using the cryptographic key; 
sending the reply over the local area network; 

exchanging packets with the other game console, the packets being 
protected using the session key and containing data used to derive at least one 
security association key; and 

establishing a secure communication link with the other game console 
using the security association key. 

37. A method as recited in claim 33 , wherein the sending comprises 
broadcasting the reply over the local area network. 

38. One or more computer-readable media comprising computer- 
executable instructions that, when executed, perform the method as recited in 
claim 33. 
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39. A computer-readable medium for a game console comprising 
computer-executable instructions that, when executed, direct the game console to: 

obtain a first key stored in memory of the game console and a second key 
associated with a game title running on the game console; and 
derive one or more keys from the first and second keys. 

40. A computer-readable medium for a game console comprising 
computer-executable instructions that, when executed, direct the game console to: 

encrypt a request to join in playing a game title being hosted by a remote 
host game console on a local area network; 

digitally sign the request; 

broadcast the request over the local area network; 

listen for at least one broadcast reply from the host game console; 

upon receipt of the reply, extract at least one session key from the reply for 
use in facilitating future communication with the host game console; 

form an initial packet that contains first data used to derive a cryptographic 

key; 

compute a first hash digest of the initial packet using the session key; 

send the initial packet and the first hash digest to the host game console; 

listen for a reply packet from the host game console, the reply packet 
including a second hash digest and second data; 

authenticate the reply packet using the session key and the second hash 
digest; and 
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derive at least one security association key from the first and second data, 
the security association keys being used to secure communication with the host 
game console. 

41. A computer-readable medium for a game console comprising 
computer-executable instructions that, when executed, direct the game console to: 

receive a request from a remote game console on a local area network, the 
request seeking network play of a game title; 

authenticate the request as being generated by an authentic game console 
running an authentic version of the game title; 

decode the request; 

determine whether to allow the remote game console to play; 
in an event the remote game console is allowed to play, create a reply with 
containing at least one session key; 

encrypt and digitally sign the reply; 

send the reply to the remote game console; 

receive an initial packet directly from the remote game console, the initial 
packet containing first data used to derive a cryptographic key; 
authenticate the initial packet using the session key; 
form a response packet holding second data used to derive a cryptographic 

key; 

send the response packet to the remote game console; and 

derive at least one security association key from the first and second data, 

the security association keys being used to secure communication with the remote 

game console. 
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42. A computer-readable medium as recited in claim 41, further 
comprising computer-executable instructions that, when executed, direct the game 
console to broadcast the response packet over the local area network. 

43. A game console, comprising: 
a memory to store a first key; 

a game title configured to execute on the game console, the game title 
having an associated second key; and 

a processor coupled to the memory, the processor being configured to 
derive at least one cryptographic keys from the first and second keys. 

44. A game console as recited in claim 43, wherein the memory 
comprises a read only memory. 

45. A game console as recited in claim 43, wherein the processor is 
configured to compute a hash function of the first and second keys. 

46. A game console as recited in claim 43, wherein the processor is 
further configured to discover another game console on a local area network that is 
hosting the game title. 

47. A game console as recited in claim 43, wherein the processor is 
further configured to use the cryptographic key to establish a secure 
communication link with a remote game console over a local area network. 
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48. A game console, comprising: 
a memory; and 

a processor coupled to the memory and configured to generate at least one 
key that is secret to the game console when running an authentic game title, the 
processor being further configured to discover, using the key, a host game console 
on a common local area network that is hosting the game title and to establish a 
secure communication link with the host game console over the local area 
network. 

49. A game console as recited in claim 48, wherein the processor is 
configured to derive the key from data stored in the memory and data associated 
with the authentic game title. 

50. A game console as recited in claim 48, wherein the processor is 
further configured to discover a host game console by creating a request to join in 
playing the game title and broadcasting the request over the local area network. 

51. A game console as recited in claim 48, wherein the processor 
establishes the secure communication link by exchanging data with the host game 
console that can be used to derive a cryptographic key. 

52. A system, comprising: 

first and second game consoles with network connections to facilitate 
connection to a local area network, the first and second game consoles running a 



!ee@hayes pac 509«324-92S6 



35 



III 20 J J 200 MS1-890US PA T.APP DOC 



ri 



same game title and being configured to generate identical keys by virtue of 

2 running the same game title; and 

3 the first game console being configured to discover the second game 

4 console by broadcasting messages over the local area network, the messages being 

5 secured by the keys . 

53. A system as recited in claim 52, where in the first and second game 
consoles are configured to establish a secure communication link over the local 
area network by exchanging data used to derive a cryptographic key. 



JJJ ii 54. A system as recited in claim 52, where in the local area network 

12 comprises an Ethernet segment. 
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